Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Looking for some packets going to tcp/8520 SANS ISC InfoSec Forums

Special Webcast: What you need to know about the crypt32.dll vulnerability. Register Now

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Looking for some packets going to tcp/8520

One of our readers has come across traffic leaving the network with a destination of CN and a destination port of tcp 8520.  

If you are seeing the same I'd like to know, even better if you have a capture of the traffic including the payload that would be great. 

Cheers

Mark H 

Mark

391 Posts
ISC Handler
Do you have IP ranges? I can search on tcp port, but not CN
John

88 Posts
61.131/16 should get you something. Unfortunately not able to provide a closer range. - MH
Mark

391 Posts
ISC Handler
123.x.x.x generally - but 121.x.x.x through 125.x.x.x should be asia-pacific
Mark
6 Posts
Found this on Speednet:

http://www.speedguide.net/port.php?port=8520

netsec_ct

1 Posts
This is not 2-way traffic? There is a callback of a specific group's RAT associated with that port.
Anonymous
Didn't find anything--I guess that's good
John

88 Posts

Sign Up for Free or Log In to start participating in the conversation!